DACK FAYDEN
Feb 25, 2013

Bear Witness

CommieGIR posted:

Well, I mean, Baron Samedi (Baron Saturday to his friends) is a literal Haitian Voodoo religious icon
wow you don't say

almost like I think the name is great because it's one letter off something existing and that letter alludes to how they're doing it :allears:


CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

DACK FAYDEN posted:

wow you don't say

almost like I think the name is great because it's one letter off something existing and that letter alludes to how they're doing it :allears:

Okay, I misread that post.

Meanwhile:

https://twitter.com/GossiTheDog/status/1354411050838466561?s=20

some kinda jackal
Feb 25, 2003

Fuuuuck I can't believe I missed this valuable webinar



Thanks a LOT, email quarantine :mad:

BaseballPCHiker
Jan 16, 2006


This explains why my Mint computer at home had an update for Sudo which I had never seen before.

Question for people here who have a CISSP. How many credits do you get from getting other certs? I'm going to go for my AWS Security cert in the next month or two and I am wondering if that will cover me in credits for the next year or if I need to start hitting up webinars left and right down the line.

xtal
Jan 9, 2011

by Fluffdaddy
The good news is you can upgrade sudo as any user

some kinda jackal
Feb 25, 2003


BaseballPCHiker posted:

Question for people here who have a CISSP. How many credits do you get from getting other certs? I'm going to go for my AWS Security cert in the next month or two and I am wondering if that will cover me in credits for the next year or if I need to start hitting up webinars left and right down the line.

I've actually never given this much thought and now I'm worried I might be passing up CPEs for just GETTING a new cert. I've always counted the training time as CPEs but nothing for the actual achievement.

BaseballPCHiker
Jan 16, 2006

Martytoof posted:

I've actually never given this much thought and now I'm worried I might be passing up CPEs for just GETTING a new cert. I've always counted the training time as CPEs but nothing for the actual achievement.

I didn't know I could list the training for CPEs. I figured since it's all self-guided, I'm just labbing on my own and watching ACloudGuru videos, that I would get zilch until I get the cert.

some kinda jackal
Feb 25, 2003

I just followed stuff like linuxacademy and lynda when I did my cloud stuff, where I submit screenshots of time watched and their little completion "certificates" as evidence, but I think as long as you can qualify how you spent the time and back it up in event of an audit you should submit those as CPEs.

I should position that knock on wood I've never actually been audited for CPEs so I don't know how this holds up.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
What are the odds that this wasn't known as a zero day by at least one of the major state-backed hacking groups?

BlankSystemDaemon posted:

Nah, there's going to be a new fun bug in Windows any day now.

No matter how much pair programming, code review, static analysis, automated fuzzing, and automated code sanitization you do, it won't be enough.

Just look at FreeBSD; all of those are practiced, the source code is "only" ~13 million lines, and yet there's inevitably more fun things like this to find.

For comparison, the Linux kernel itself is over 20 million lines (and that ignores all the userland code that makes up the libraries and utilities in a typical Linux distribution, because as an example Debian is ~60 million lines if you exclude the kernel), while Windows is estimated to be over 100 million lines.

The sudo project is ~150k lines of code.

Assuming a standard developer makes one bug per 100 lines of code, a good developer makes one bug per 1000 lines of code, and the ratio being 100 standard developers to 1 good developer, that leaves the various examples with somewhere on the order of 130k bugs for FreeBSD, 250k bugs for the Linux kernel, 600k bugs for Debian, over a million bugs for Windows, and ~1500 for sudo.
The thing that surprises me about sudo is that there's no independent check for raising the privilege level. It's just granted root when it's run and assumed to be trustworthy (where it turns out it's not been trustworthy for nine years...).

I do wonder what a modern from-the-ground-up OS, where security was the overriding factor, would look like. Where every design decision is about treating all code as untrustworthy, limiting everything only to the designed behaviour and having multiple independent checking mechanisms.

The Fool
Oct 16, 2003


Pablo Bluth posted:

I do wonder what a modern from-the-ground-up OS, where security was the overriding factor, would look like. Where every design decision is about treating all code as untrustworthy, limiting everything only to the designed behaviour and having multiple independent checking mechanisms.

Seems like a lot of work when you could just turn your computer off.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.

The Fool posted:

Seems like a lot of work when you could just turn your computer off.
But how do I then grow my porn collection from Russian web forums? I demand an OS where I can run sex-orgy-game-3D-[RU].exe safely without having to worry....

RFC2324
Jun 7, 2012

http 418

Pablo Bluth posted:

What are the odds that this wasn't known as a zero day by at least one of the major state-backed hacking groups?

The thing that surprises me about sudo is that there's no independent check for raising the privilege level. It's just granted root when it's run and assumed to be trustworthy (where it turns out it's not been trustworthy for nine years...).

I do wonder what a modern from-the-ground-up OS, where security was the overriding factor, would look like. Where every design decision is about treating all code as untrustworthy, limiting everything only to the designed behaviour and having multiple independent checking mechanisms.

TempleOS is rather difficult to use.

CLAM DOWN
Feb 13, 2007

Martytoof posted:

Fuuuuck I can't believe I missed this valuable webinar



Thanks a LOT, email quarantine :mad:

same

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

RFC2324 posted:

TempleOS is rather difficult to use.

You just have to pray, and if you're devout enough you'll be granted a holy vision of what specific undocumented and half working command line tool you need to actually do the thing you wanted to.


Given how incredibly fiddly real-time OSes are and life/safety-critical code is in general, I wonder how much of an incredibly awful undertaking it would be to make a provably secure OS. Do we even have a formal framework that can prove code does what we want it to, or is it still in the realm of P=NP, the traveling salesman, and the halting problem?

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

Methylethylaldehyde posted:

Do we even have a formal framework that can prove code does what we want it to, or is it still in the realm of P=NP, the traveling salesman, and the halting problem?

My understanding is that for all but the most trivial of code, no, we haven't really found a viable provability framework for any of that. Just some clever hacks for figuring stuff out in some situations, but not for arbitrary general ones.

e; with appropriate testing and some languages that lend themselves to it you can sometimes prove that your code does X where X is some list of things it should do, but there's rarely a way to prove that it only does X and never anything else, which is where a lot of the issues crop up.

DrDork fucked around with this message at 00:14 on Jan 28, 2021

isaboo
Nov 11, 2002

Muay Buok
Good luck
What do y'all have to say about Qubes OS? Been thinking of giving it a whirl just to play around.

Thinking of trying OpenBSD too

Guy Axlerod
Dec 29, 2008
You may be able to prove your code does what you have in your spec, but your spec can also be flawed.

Bonzo
Mar 11, 2004

Just like Mama used to make it!

RFC2324 posted:

TempleOS is rather difficult to use.

Didn't they have a feature for adding devices called, "Plug n' Pray"? Oh wait that was MS.



I'll show myself out

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

Bonzo posted:

Didn't they have a feature for adding devices called, "Plug n' Pray"? Oh wait that was MS.



I'll show myself out

That was actually pretty good.

Butter Activities
May 4, 2018

isaboo posted:

What do y'all have to say about Qubes OS? Been thinking of giving it a whirl just to play around.

Thinking of trying OpenBSD too

Yeah I was gonna say Qubes is probably the most secure user facing OS I’ve ever heard of.

Speaking of that has anyone here tried Graphene OS on a phone?

cage-free egghead
Mar 8, 2004
Been running Graphene for a few months now. Have loved the transition, actually. Also used Qubes for a while and have Tails on a flash drive I carry with me.

Butter Activities
May 4, 2018

cage-free egghead posted:

Been running Graphene for a few months now. Have loved the transition, actually. Also used Qubes for a while and have Tails on a flash drive I carry with me.

Oh cool. I’ve heard bad things about most “open source phone” projects but this seems to be the exception so far

acetcx
Jul 21, 2011

SpaceSDoorGunner posted:

Yeah I was gonna say Qubes is probably the most secure user facing OS I’ve ever heard of.

Speaking of that has anyone here tried Graphene OS on a phone?

I tried it for a couple weeks about six months ago. It works in the sense that you can make phone calls and send texts and emails and use a web browser but all the modern comforts are missing. No google services means no google apps, no play store, and no notifications. You're probably okay with this if you're considering Graphene but not having notifications definitely sucks.

Many of the fdroid apps are pretty janky so your best bet is to just use services accessible through a web browser. You'd be surprised how many services are not accessible from the web (e.g. ride sharing) and for those that are, how their associated apps are often just pretty webviews.

There was also a fair amount of drama from the devs because they're heavily overworked and underpaid. I respect what they're doing and if your life depends on your phone not getting hacked it's worth the trouble but I didn't feel confident in the project's future. Expect major bugs too, e.g. for a few days bluetooth was busted and they had to roll back a system update to fix it. I'm not sure how it's progressed since then because I gave up shortly after.

All this is to say it's fine and it works but you've got to be willing to give up a lot for what you get.

cage-free egghead
Mar 8, 2004

acetcx posted:

I tried it for a couple weeks about six months ago. It works in the sense that you can make phone calls and send texts and emails and use a web browser but all the modern comforts are missing. No google services means no google apps, no play store, and no notifications. You're probably okay with this if you're considering Graphene but not having notifications definitely sucks.

Many of the fdroid apps are pretty janky so your best bet is to just use services accessible through a web browser. You'd be surprised how many services are not accessible from the web (e.g. ride sharing) and for those that are, how their associated apps are often just pretty webviews.

There was also a fair amount of drama from the devs because they're heavily overworked and underpaid. I respect what they're doing and if your life depends on your phone not getting hacked it's worth the trouble but I didn't feel confident in the project's future. Expect major bugs too, e.g. for a few days bluetooth was busted and they had to roll back a system update to fix it. I'm not sure how it's progressed since then because I gave up shortly after.

All this is to say it's fine and it works but you've got to be willing to give up a lot for what you get.

Yeah, I went into Graphene knowing its purpose goes along with those who are more privacy-conscious, so I got rid of every Play Store app except for Awful and Wyze, which runs on a work profile. Stopped using my Google accounts, switched over to Signal which works without G-services too. All my photos and data get backed up locally and are encrypted. I think Graphene is aimed at some very specific use cases, but definitely should be considered by those wanting to be more privacy oriented or get away from phone addiction.

Sickening
Jul 16, 2007

Black summer was the best summer.

cage-free egghead posted:

Yeah, I went into Graphene knowing its purpose goes along with those who are more privacy-conscious, so I got rid of every Play Store app except for Awful and Wyze, which runs on a work profile. Stopped using my Google accounts, switched over to Signal which works without G-services too. All my photos and data get backed up locally and are encrypted. I think Graphene is aimed at some very specific use cases, but definitely should be considered by those wanting to be more privacy oriented or get away from phone addiction.

Hats off to folks who deal with these kinds of inconveniences in order to try to be more private. I simply can't do it, especially on the phone. I justify it to myself because I know the data that already exists on me is so vast that going dark now is kind of pointless. Also that my wife and children, by proxy, are going to give back all ground I attempt to take away anyway.

RFC2324
Jun 7, 2012

http 418

Sickening posted:

Hats off to folks who deal with these kinds of inconveniences in order to try to be more private. I simply can't do it, especially on the phone. I justify it to myself because I know the data that already exists on me is so vast that going dark now is kind of pointless. Also that my wife and children, by proxy, are going to give back all ground I attempt to take away anyway.

My self justification is sunken cost fallacy, and a determination to use the gently caress out of google services so I get something back from their massive monetization of my being

acetcx
Jul 21, 2011

RFC2324 posted:

My self justification is sunken cost fallacy, and a determination to use the gently caress out of google services so I get something back from their massive monetization of my being

I figure everything else I've done is more bang for my buck anyway - getting rid of facebook, twitter, gmail, google maps, google drive, dropbox, etc... plus using firefox instead of chrome, linux instead of windows, and getting all my contacts to switch to signal for texting. I'm pretty interested to see if any of the linux phone projects pan out in the next few years but until then I'll just sell my soul to apple in exchange for a pleasant phone experience.

xtal
Jan 9, 2011

by Fluffdaddy
I've tried Qubes before but never had a system with enough memory to make it run acceptably fast. I would just use Tails for my Tor business.

some kinda jackal
Feb 25, 2003

I'm trying to decide what my favourite thing about the ISC2 site is. Whether it's the fact that it redirects me to http://localhost half the time I try to load it, or whether it renders a bunch of items and then hides them so I always have a minor heart attack because *AUDIT* is visible in red before it disappears.

Butter Activities
May 4, 2018

Tails looks pretty interesting too. I've used Whonix in the past but Tails, just from a 30 second skim, looks much more professional and mature.

I have a parrot os flash drive with an encrypted persistent partition, but I haven’t really used it except some experiments on my home network to feel like

cage-free egghead
Mar 8, 2004

Sickening posted:

Hats off to folks who deal with these kinds of inconveniences in order to try to be more private. I simply can't do it, especially on the phone. I justify it to myself because I know the data that already exists on me is so vast that going dark now is kind of pointless. Also that my wife and children, by proxy, are going to give back all ground I attempt to take away anyway.

The way I look at it, the less info they get now and in the future, the less value trying to gather that data becomes and the less they try to prey on us. Let's be honest too, a lot of the stuff we do on our phones is simply a waste of time, so that was an easy call for me to make. We are not without options, thank goodness, but giving into these ecosystems, especially Google, is dangerous as already evidenced by their involvement with government forces. Cambridge Analytica is another good example. These companies don't give a poo poo about us, so it's a good opportunity to take control of our own data over the sake of convenience.

acetcx posted:

I figure everything else I've done is more bang for my buck anyway - getting rid of facebook, twitter, gmail, google maps, google drive, dropbox, etc... plus using firefox instead of chrome, linux instead of windows, and getting all my contacts to switch to signal for texting. I'm pretty interested to see if any of the linux phone projects pan out in the next few years but until then I'll just sell my soul to apple in exchange for a pleasant phone experience.

Bingo. Although there are ways to mitigate your data exposure to Apple, it is probably the best out of box experience. I just fired up an old 6S+ I had, registered an anonymous iCloud account and use Mullvad VPN with it exclusively at home. I haven't used an iPhone in like 5 years and they are taking good steps to better the privacy game, but I'd still be wary.

RFC2324 posted:

My self justification is sunken cost fallacy, and a determination to use the gently caress out of google services so I get something back from their massive monetization of my being

I felt that way up until just a few months ago. I had EVERYTHING backed up to Drive, but with their constant fuckery with random apps, mostly messaging ones, the removal of free photo storage and other shenanigans, if there's a good time to get out, it's now. What happens if they just randomly change their policy? We are at the whims of their TOS, which who knows what sort of gotchas they've got in there if they make some sweeping change. Obviously the unlikelihood of that is low, but I'd rather be the one in control of my data and not contribute to their monopolistic practices.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

SpaceSDoorGunner posted:

Tails looks pretty interesting too. I've used Whonix in the past but Tails, just from a 30 second skim, looks much more professional and mature.

I have a parrot os flash drive with an encrypted persistent partition, but I haven’t really used it except some experiments on my home network to feel like

Tails is great, Qubes is RAM hungry but good, but honestly usability-wise ParrotOS is my favorite.

Also, watched a bunch of people who realized Kali is missing a bunch of packages that break basic functionality this week.

Sickening
Jul 16, 2007

Black summer was the best summer.

cage-free egghead posted:

The way I look at it, the less info they get now and in the future, the less value trying to gather that data becomes and the less they try to prey on us. Let's be honest too, a lot of the stuff we do on our phones is simply a waste of time so that was an easy call for me to make. We are not without options, thank goodness but giving into these ecosystems, especially Google, is dangerous as already evidenced by their involvement with government forces. Cambridge Analytica is another good example. These companies don't give a poo poo about us, so it's a good opportunity to take control of our own data over the sake of convenience.

This only works when you and everyone around you goes to the same lengths, and that has to be exceedingly rare. I can't even fathom how unplugged one must get to even put a dent into things for a single person. You would have to pay cash for everything, basically not use any internet service, and then get every bit of data that is already built up on you purged from every ecosystem. I am glad others can glean some bit of satisfaction from it, but I question its effectiveness.

droll
Jan 9, 2020

by Azathoth
Probably need a constitutional amendment for a right to Privacy?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug
https://twitter.com/_mattata/status/1354972614507311110?s=20

Buck Turgidson
Feb 6, 2011

𓀬𓀠𓀟𓀡𓀢𓀣𓀤𓀥𓀞𓀬

isaboo posted:

What do y'all have to say about Qubes OS? Been thinking of giving it a whirl just to play around.

Thinking of trying OpenBSD too

OpenBSD is ok for a server. i host a few very small things on mine, and the docs and example configs are good. i probably wouldn't use it for desktops, it's a bit slow

Butter Activities
May 4, 2018

CommieGIR posted:

Tails is great, Qubes is RAM hungry but good, but honestly usability-wise ParrotOS is my favorite.

Also, watched a bunch of people who realized Kali is missing a bunch of packages that break basic functionality this week.

Parrot is great, it has all the tools I've actually used as a beginner and it's also more Ubuntu-like, in the sense that the basics it comes with work well enough and it has a lot of dependencies there, where Kali Linux feels like Debian, where you have to do a lot more troubleshooting to get any non-default tools working.

Internet Explorer
Jun 1, 2005

This is cool as hell.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Buck Turgidson posted:

OpenBSD is ok for a server. i host a few very small things on mine, and the docs and example configs are good. i probably wouldn't use it for desktops, it's a bit slow

Uh oh, here we go.


rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

Other than the age-old "OT is a secfuck nightmare" advice, are there any good resources I can start following about industrial/manufacturing-specific infosec concerns? Doing some work for a customer in that space and anything I could start following with topical news would be appreciated.
